Google Apps administrators now have the ability to enforce SSL connections on the Contacts APIs through a setting in the control panel. This setting provides added security against session hijacking and user impersonation. It affects these APIs:

- Contacts API
- Domain Shared Contacts API
- Google Apps Profiles API

Note that this setting will be OFF by default because some widely used legacy contacts applications do not support SSL. Early next year, we will set the Enforce SSL option to ON for all new domains and all existing domains where we do not detect a contacts API request from one of these legacy applications within the previous week.

Editions included:
Google Apps for Business, Education and Government

For more information:
Get these product update alerts by email
Subscribe to the RSS feed of these updates